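  /**
   * Signs this advertisement with the given PSE credential.
   *
   * <p>The credential's source service (cast to {@link PSEMembershipService}) produces the
   * signature over the unsigned XML form of this object. On success the signature-info and
   * signature elements are stored on this instance and the membership flags are set; on any
   * failure all of that state is cleared and {@code false} is returned. Previously stored
   * signature elements are dropped before signing so a failed attempt never leaves a stale
   * signature behind.
   *
   * @param pseCredential the signer's credential; its source service must be a
   *     {@link PSEMembershipService}
   * @param includePublicKey whether the signer's public key is embedded in the signature
   * @param includePeerID whether the signer's peer ID is embedded in the signature
   * @return {@code true} if signing succeeded, {@code false} otherwise
   */
  public final synchronized boolean sign(
      PSECredential pseCredential, boolean includePublicKey, boolean includePeerID) {
    clearSignatureElements();
    try {
      PSEMembershipService pseMembershipService =
          (PSEMembershipService) pseCredential.getSourceService();
      // The document is rendered without any signature element; that is what gets signed.
      XMLDocument unsignedDoc = (XMLDocument) this.getDocument(MimeMediaType.XMLUTF8);
      PSEMembershipService.PSEAdvertismentSignatureToken token =
          pseMembershipService.signAdvertisement(unsignedDoc, includePublicKey, includePeerID);

      XMLSignatureInfo signatureInfo = token.getXMLSignatureInfo();
      this.xmlSignatureInfoElement = signatureInfo.getXMLSignatureInfoDocument();
      this.xmlSignature = token.getXMLSignature();
      this.xmlSignatureElement = this.xmlSignature.getXMLSignatureDocument();

      // The signature was just produced locally, so the flags a verification path would
      // set are set directly here.
      this.authenticated = true;
      this.isMember = true;
      this.isCorrectMembershipKey = true;
    } catch (Exception ex) {
      // NOTE(review): the failure reason is discarded here; callers only ever see false.
      // If this class has a logger, log ex (never the credential or key material).
      clearSignatureElements();
      this.authenticated = false;
      this.isMember = false;
      this.isCorrectMembershipKey = false;
    }

    return this.authenticated;
  }

  /** Drops any previously computed signature elements held by this instance. */
  private void clearSignatureElements() {
    this.xmlSignatureInfoElement = null;
    this.xmlSignatureElement = null;
    this.xmlSignature = null;
  }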
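  /**
   * Round-trips an enveloped XML signature: signs {@code bfr.xml} with the {@code vgr-pdl} key
   * from {@code dev.jks}, serializes the signed document to disk, re-parses it and validates the
   * parsed signature with a {@link KeySelector} that only accepts a signer certificate issued by
   * the {@code vgr-ca} certificate in the same keystore.
   *
   * @throws Exception on any keystore, parsing, signing or validation failure
   */
  @Test
  public void testXmlSignature() throws Exception {
    // JSR-105 provider: the JDK's own DOM implementation unless overridden on the command line.
    String providerName =
        System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    Provider provider =
        (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance();
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", provider);

    // SHA-256 throughout; SHA-1 is deprecated for XML signatures and rejected by current
    // verifiers. The rsa-sha256 URI is spelled out because SignatureMethod.RSA_SHA256 only
    // exists from JDK 11 on.
    String rsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA256, null);
    Transform transform = factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself.
    Reference reference =
        factory.newReference("", digestMethod, Collections.singletonList(transform), null, null);
    CanonicalizationMethod canonicalizationMethod =
        factory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = factory.newSignatureMethod(rsaSha256, null);
    SignedInfo signedInfo =
        factory.newSignedInfo(
            canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    // Test keystore: signer key/cert under "vgr-pdl", issuing CA cert under "vgr-ca".
    char[] storePassword = "devjks".toCharArray();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (InputStream keyStoreStream =
        XMLSigSpike.class.getClassLoader().getResourceAsStream("dev.jks")) {
      if (keyStoreStream == null) {
        throw new IllegalStateException("dev.jks not found on the test classpath");
      }
      keyStore.load(keyStoreStream, storePassword);
    }
    PrivateKey signingKey = (PrivateKey) keyStore.getKey("vgr-pdl", storePassword);
    final Certificate signerCert = keyStore.getCertificate("vgr-pdl");
    final Certificate caCert = keyStore.getCertificate("vgr-ca");

    // Namespace awareness is mandatory for XMLDSig; the inputs here are trusted test resources.
    // NOTE(review): a parser fed received documents must also disable DOCTYPE/external
    // entities (XXE) before validating anything.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc;
    try (InputStream xmlStream = XMLSigSpike.class.getClassLoader().getResourceAsStream("bfr.xml")) {
      doc = dbf.newDocumentBuilder().parse(xmlStream);
    }

    // Embed the signer certificate so the verifier can recover (and check) the public key.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    X509Data x509Data =
        keyInfoFactory.newX509Data(Collections.singletonList((X509Certificate) signerCert));
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    DOMSignContext signContext = new DOMSignContext(signingKey, doc.getDocumentElement());
    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    signature.sign(signContext);

    // Serialize and re-parse so validation runs against what a receiver would actually see,
    // not the in-memory DOM the signature was computed on.
    Transformer transformer = TransformerFactory.newInstance().newTransformer();
    try (FileOutputStream out = new FileOutputStream("mySignedFile.xml")) {
      transformer.transform(new DOMSource(doc), new StreamResult(out));
    }
    Document signedDoc;
    try (FileInputStream in = new FileInputStream("mySignedFile.xml")) {
      signedDoc = dbf.newDocumentBuilder().parse(in);
    }

    NodeList signatureNodes = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (signatureNodes.getLength() == 0) {
      throw new IllegalStateException("Cannot find Signature element");
    }

    // The KeyInfo travels with the signed document and is therefore attacker-controlled: the
    // certificate it carries must be chained to the CA before its key is trusted. The checks
    // live in select() so failures surface as KeySelectorException, the API's designated type.
    KeySelector selector =
        new KeySelector() {
          @Override
          public KeySelectorResult select(
              KeyInfo parsedKeyInfo,
              KeySelector.Purpose purpose,
              AlgorithmMethod method,
              XMLCryptoContext context)
              throws KeySelectorException {
            if (parsedKeyInfo == null) {
              throw new KeySelectorException("Signature carries no KeyInfo");
            }
            // Walk the structures with instanceof rather than raw-type casts; the element
            // types differ between JDK 8 (raw List) and JDK 9+ (List<XMLStructure>).
            X509Certificate embeddedCert = null;
            for (Object item : parsedKeyInfo.getContent()) {
              if (item instanceof X509Data) {
                for (Object x509Item : ((X509Data) item).getContent()) {
                  if (x509Item instanceof X509Certificate) {
                    embeddedCert = (X509Certificate) x509Item;
                    break;
                  }
                }
              }
              if (embeddedCert != null) {
                break;
              }
            }
            if (embeddedCert == null) {
              throw new KeySelectorException("KeyInfo contains no X509Certificate");
            }
            try {
              // Verify the certificate from the document, not the one we loaded locally.
              // NOTE(review): a production selector should also call checkValidity() and
              // pin the expected subject; not done here to keep the spike independent of
              // the dev certificate's validity period.
              embeddedCert.verify(caCert.getPublicKey());
            } catch (CertificateException
                | NoSuchAlgorithmException
                | InvalidKeyException
                | NoSuchProviderException
                | SignatureException e) {
              throw new KeySelectorException("Signer certificate is not issued by the test CA", e);
            }
            final Key verificationKey = embeddedCert.getPublicKey();
            return new KeySelectorResult() {
              @Override
              public Key getKey() {
                return verificationKey;
              }
            };
          }
        };

    DOMValidateContext validateContext =
        new DOMValidateContext(selector, signatureNodes.item(0));
    // Validate the signature unmarshalled from the parsed file, not the one we just created.
    XMLSignature parsedSignature = factory.unmarshalXMLSignature(validateContext);
    boolean coreValidity = parsedSignature.validate(validateContext);

    assertTrue(coreValidity);
  }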